Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer program product for managing cooperative computer software applications, the computer program product comprising: a non-transitory, computer-readable storage medium; and computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to set a budget indicating a number of alerts for suspicious activity by setting the budget equal to a selected targeted average rate of alerts produced by the system over a pre-determined period of time, adjust a working threshold risk score by defining an initial working threshold risk score, providing a history of recorded top risk scores within a budget sliding interval window, and adjusting the initial working threshold to an increased working threshold such that a number of the recorded top risk scores that exceed the initial working threshold is calculated to be less than or equal to the number of alerts indicated by the set budget, use the adjusted working threshold to normalize incoming risk scores, and determine whether an incoming risk score should receive an alert, wherein the computer-readable program code is further configured to set the budget for multiple risk score types, wherein each of the multiple risk score types receives a portion of the budget.
2. The computer program product according to claim 1 wherein the portion for one of the multiple risk score types is not equal to the portion for another of the multiple risk score types.
3. A computer program product for managing cooperative computer software applications, the computer program product comprising: a non-transitory, computer-readable storage medium; and computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to set a budget indicating a number of alerts for suspicious activity by setting the budget equal to a selected targeted average rate of alerts produced by the system over a pre-determined period of time, adjust a working threshold risk score by defining an initial working threshold risk score, providing a history of recorded top risk scores within a budget sliding interval window, and adjusting the initial working threshold to an increased working threshold such that a number of the recorded top risk scores that exceed the initial working threshold is calculated to be less than or equal to the number of alerts indicated by the set budget, use the adjusted working threshold to normalize incoming risk scores, and determine whether an incoming risk score should receive an alert, wherein the computer-readable program code is further configured to include a first risk score for a first risk score type and a second risk score for a second risk score type, said first risk score and said second risk score normalized and combined into a combined risk score, and define the working threshold as a combined working threshold, wherein the combined working threshold is combined score working threshold for combined risk scores.
Unknown
May 19, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.